Free PQC readiness scan — Cryptographic Bill of Materials · Throndar
Sign inGet started
Free PQC readiness scanWhere is quantum-vulnerable cryptography in your stack?<br>A Cryptographic Bill of Materials (CBOM) is the first step every PQC-migration guidance asks for. Get a quick A–F preview below — it runs entirely in your browser, nothing is uploaded — then run the full scan in your CI.<br>Paste a manifest or crypto config (package.json, requirements.txt, go.mod, a cipher list…) — it stays in your browserTry a sample
Full scan — free, in your CI<br>The open-source MIT scanner runs the complete rule set across your whole repository and emits a CycloneDX 1.6 CBOM, a SARIF report for your Security tab, and an embeddable A–F badge. Drop this step into any workflow — it is self-contained, no install step:<br># .github/workflows/pqc-readiness.yml<br>name: PQC readiness<br>on: [push, pull_request]<br>jobs:<br>cbom:<br>runs-on: ubuntu-latest<br>steps:<br>- uses: actions/checkout@v4<br>- name: Post-Quantum Readiness Scorecard<br>uses: brandonjsellam-Releone/pq-readiness-scorecard@v1<br>with:<br>path: .<br>fail-on: broken-classical # fail the build on broken crypto<br># emits a CycloneDX 1.6 CBOM, a SARIF report (Security tab), and an A–F gradeOr run it locally from npm (open-source, MIT):<br>npx -p @trelyan/verify-pqc pqcbom .<br>Need it signed and audit-ready?<br>An Evidence Pack Express turns the scan into a cryptographically signed deliverable — executive summary, A–F grade, findings, CBOM, and a migration plan — that your auditors, customers, or board can independently verify. Any alteration to the grade invalidates the signature.<br>Get a signed Evidence Pack →<br>The preview and scanner are lexical — findings are leads to verify, not a complete inventory. Algorithm names denote the public standards they are based on, not a CMVP/FIPS-140 validation. This is not a certification and not a guarantee of quantum safety. See also our own CBOM and the developer API.
© 2026 Throndar. Post-quantum by design: X25519 + ML-KEM-1024 key exchange, and every answer signed with ML-DSA-87 (FIPS 204) plus a Falcon co-signature (FN-DSA, FIPS 206 forthcoming).<br>🌱Stripe Climate member · 1.5% of revenue → carbon removalQuantum-resistant by design
✨Ask Throndar